Microsoft will be in court tomorrow before the 2nd U.S. Circuit Court of Appeals to try to reverse a lower court's ruling that the Redmond, Washington based company has to turn over customer email records stored in a data center outside of the U.S.
The case involves a US law enforcement agency demanding Microsoft hand over a customer’s email records as part of a narcotics investigation. This is something that isn’t out of the norm and involves a search warrant and due process. Microsoft accordingly complied to an extent under the law and handed over the customer’s address book, which was stored in data center within the United States.
But Microsoft did not fulfill the entirety of the government’s request due to a point at the heart of the appeals hearing tomorrow. While they handed over the address book, they did not hand over the actual email records because those records are stored in a data center in Ireland, well out of the jurisdiction of any domestic law enforcement agency.
In the lower court’s ruling, the emails were declared fair game, despite being stored abroad, because there is significant legal precedent for subpoenaing bank and business records when they are held abroad. But Microsoft contends that emails are entirely different from business records. In Microsoft’s brief to the Second Circuit, the technology company states (via the Wall Street Journal):
“A bank can be compelled to produce the transaction records from a foreign branch, but not the contents of a customer’s safe-deposit box kept there. A customer’s emails are similarly private and secure and not subject to importation.”
Upholding the lower court’s decision would also potentially be a violation of a nation’s sovereignty, and it is not clear that there is precedent to seize customer’s data, like emails, stored in foreign countries.
In court papers, Microsoft calls upon congress to (via The Washington Post):
“grapple with the question whether, and when, law enforcement should be able to compel providers like Microsoft to help it seize customer emails stored in foreign countries. Only Congress has the institutional competence and constitutional authority to balance law enforcement needs against our nation’s sovereignty, the privacy of its citizens and the competitiveness of its industry.”
More to the point, the United States is ignoring its normal recourse under treaties with foreign governments to have Ireland seize the data on behalf of the US law enforcement agency’s investigation. Instead it is trying to seize the data directly from Microsoft through the US's legal system. If the lower court's decision is upheld, it could set a dangerous precedent of ignoring international norms and enabling US government agencies with the ability to unilaterally seize a person’s data even if stored abroad, as long as the company conducts any operations within the US.
With such significant implications to the future of email and cloud storage for any company that does business in the United States (which is virtually everyone), many have come to the support of Microsoft with their own legal briefs. The list of those supporting Microsoft goes on and on, and includes everyone from the ACLU, Apple, Amazon, Cisco Systems, the Software Alliance, U.S. Chamber of Commerce, Verizon, and more.
If the decision is upheld it could be a potential threat to the already diminished trust of the US government in regards to citizens’ private data, and a threat to the viability of the global cloud business because of reservations over having operations within US jurisdiction. Another appeals submission by 29 major US and foreign news and trade organizations also support Microsoft on the grounds that they rely on e-mail and cloud storage to “gather, store, and review documents protected by the First Amendment… Even if the subscriber today is not a reporter — although we do not know for sure — the next subscriber may be" (via The Washington Post).
The appeals hearing that starts tomorrow will be closely watched by the tech industry, and it should be closely watched by all; as it has potentially far reaching implications in establishing legal precedent for how and when the U.S. government can subpoena email records.